This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] Add -fsanitize={null,alignment} sanitization of aggregate arguments of calls (PR middle-end/81005)

From: Jakub Jelinek <jakub at redhat dot com>
To: Richard Biener <rguenther at suse dot de>
Cc: gcc-patches at gcc dot gnu dot org
Date: Thu, 8 Jun 2017 20:15:28 +0200
Subject: [PATCH] Add -fsanitize={null,alignment} sanitization of aggregate arguments of calls (PR middle-end/81005)
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=jakub at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 099A67F09D
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 099A67F09D
Reply-to: Jakub Jelinek <jakub at redhat dot com>

Hi!

I've noticed we don't sanitize aggregate arguments of calls.

Fixed thusly, bootstrapped/regtested on x86_64-linux and i686-linux,
ok for trunk?  For asms I'm not 100% sure, the arguments might be unused
in the asm, or used only conditionally etc.

2017-06-07  Jakub Jelinek  <jakub@redhat.com>

	PR middle-end/81005
	* ubsan.c (instrument_null): Avoid pointless code temporary.
	(pass_ubsan::execute): Instrument aggregate arguments of calls.

	* c-c++-common/ubsan/align-10.c: New test.
	* c-c++-common/ubsan/null-13.c: New test.

--- gcc/ubsan.c.jj	2017-05-21 15:46:13.000000000 +0200
+++ gcc/ubsan.c	2017-06-07 14:14:27.883227570 +0200
@@ -1212,8 +1212,7 @@ instrument_null (gimple_stmt_iterator gs
   if (TREE_CODE (t) == ADDR_EXPR)
     t = TREE_OPERAND (t, 0);
   tree base = get_base_address (t);
-  const enum tree_code code = TREE_CODE (base);
-  if (code == MEM_REF
+  if (TREE_CODE (base) == MEM_REF
       && TREE_CODE (TREE_OPERAND (base, 0)) == SSA_NAME)
     instrument_mem_ref (t, base, &gsi, is_lhs);
 }
@@ -2003,6 +2002,20 @@ pass_ubsan::execute (function *fun)
 		instrument_null (gsi, true);
 	      if (gimple_assign_single_p (stmt))
 		instrument_null (gsi, false);
+	      if (is_gimple_call (stmt))
+		{
+		  unsigned args_num = gimple_call_num_args (stmt);
+		  for (unsigned i = 0; i < args_num; ++i)
+		    {
+		      tree arg = gimple_call_arg (stmt, i);
+		      if (is_gimple_reg (arg) || is_gimple_min_invariant (arg))
+			continue;
+		      tree base = get_base_address (arg);
+		      if (TREE_CODE (base) == MEM_REF
+			  && TREE_CODE (TREE_OPERAND (base, 0)) == SSA_NAME)
+			instrument_mem_ref (arg, base, &gsi, false);
+		    }
+		}
 	    }
 
 	  if (flag_sanitize & (SANITIZE_BOOL | SANITIZE_ENUM)
--- gcc/testsuite/c-c++-common/ubsan/align-10.c.jj	2017-06-07 15:32:18.545409340 +0200
+++ gcc/testsuite/c-c++-common/ubsan/align-10.c	2017-06-07 17:06:44.000000000 +0200
@@ -0,0 +1,39 @@
+/* Limit this to known non-strict alignment targets.  */
+/* { dg-do run { target { i?86-*-linux* x86_64-*-linux* } } } */
+/* { dg-options "-O -fsanitize=alignment -fsanitize-recover=alignment" } */
+
+struct R { int a; } r;
+struct S { struct R a; char b; long long c; short d[10]; };
+struct T { char a; long long b; };
+struct U { char a; int b; int c; long long d; struct S e; struct T f; } __attribute__((packed));
+struct V { long long a; struct S b; struct T c; struct U u; } v;
+
+__attribute__((noinline, noclone)) int
+bar (int x, struct R y, struct R z)
+{
+  return x + y.a;
+}
+
+__attribute__((noinline, noclone)) int
+foo (struct S *p, struct S *q)
+{
+  int i = bar (0, r, r);
+  i += bar (1, p->a, r);
+  i += bar (2, r, q->a);
+  return i;
+}
+
+int
+main ()
+{
+  char *p = (char *) &v.u.e;
+  struct S *q, *r;
+  asm volatile ("" : "=r" (q) : "0" (p));
+  asm volatile ("" : "=r" (r) : "0" (p));
+  if (foo (q, r) != 3)
+    __builtin_abort ();
+  return 0;
+}
+
+/* { dg-output "\.c:21:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment.*" } */
+/* { dg-output "\.c:22:\[0-9]*: \[^\n\r]*member access within misaligned address 0x\[0-9a-fA-F]* for type 'struct S', which requires \[48] byte alignment" } */
--- gcc/testsuite/c-c++-common/ubsan/null-13.c.jj	2017-06-07 14:21:27.460145351 +0200
+++ gcc/testsuite/c-c++-common/ubsan/null-13.c	2017-06-07 16:54:18.576027478 +0200
@@ -0,0 +1,37 @@
+/* { dg-do run } */
+/* { dg-options "-fsanitize=null -fno-sanitize-recover=null -w" } */
+/* { dg-shouldfail "ubsan" } */
+
+struct S {
+  int i;
+  long long j;
+  long long m;
+};
+union U {
+  int k;
+  struct S l;
+};
+
+__attribute__((noinline, noclone)) int
+foo (struct S s)
+{
+  return s.i + s.j + s.m;
+}
+
+__attribute__((noinline, noclone)) int
+bar (union U *u)
+{
+  foo (u->l);
+}
+
+union U v;
+
+int
+main (void)
+{
+  union U *u = 0;
+  asm volatile ("" : "+r" (u) : "r" (&v) : "memory");
+  return bar (u);
+}
+
+/* { dg-output "member access within null pointer of type 'union U'" } */

	Jakub

Follow-Ups:
- Re: [PATCH] Add -fsanitize={null,alignment} sanitization of aggregate arguments of calls (PR middle-end/81005)
  - From: Richard Biener

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]